Your organization has had a few recent DDoS attacks. You need to authenticate responses to domain name lookups. Which Google Cloud service should you use?
Cloud DNS with DNSSEC (Domain Name System Security Extensions) provides authentication for DNS responses, ensuring that they are legitimate and have not been tampered with. DNSSEC helps protect against DNS spoofing and cache poisoning attacks, which are common techniques used in DDoS attacks.
Steps:
Enable DNSSEC: In the Google Cloud Console, navigate to Cloud DNS and enable DNSSEC for your managed zones.
Configure Key Signing: Set up key signing keys (KSK) and zone signing keys (ZSK) to sign your DNS records.
Monitor DNSSEC Status: Regularly monitor the DNSSEC status and logs to ensure it is functioning correctly.
[References:, Cloud DNS documentation, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit